From d3a035e0ad8eb5beaf0cf09b672198366ddf1732 Mon Sep 17 00:00:00 2001
From: Elarwei
Date: Sat, 28 Feb 2026 13:25:08 +0800
Subject: [PATCH] fix(feishu): address fourth-round codex bot review feedback

- Enforce mutual exclusivity across all three upload sources (url, file_path, image): throw immediately when more than one is provided, instead of silently preferring the image branch and ignoring the others.
- Validate plain base64 payloads before decoding: reject strings that contain characters outside the standard base64 alphabet ([A-Za-z0-9+/=]) so that malformed inputs fail fast with a clear error rather than decoding to garbage bytes and producing an opaque Feishu API failure downstream. Also throw if the decoded buffer is empty.
---
 extensions/feishu/src/docx.ts | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/extensions/feishu/src/docx.ts b/extensions/feishu/src/docx.ts
index 97099a18a8c..f3f3c9e9208 100644
--- a/extensions/feishu/src/docx.ts
+++ b/extensions/feishu/src/docx.ts
@@ -397,6 +397,7 @@ async function resolveUploadInput(
 explicitFileName?: string,
 imageInput?: string, // data URI, plain base64, or local path
 ): Promise<{ buffer: Buffer; fileName: string }> {
+ // Enforce mutual exclusivity: exactly one input source must be provided.
 const inputSources = (
 [url ? "url" : null, filePath ? "file_path" : null, imageInput ? "image" : null] as (
 | string
@@ -450,6 +451,8 @@ async function resolveUploadInput(
 // plain base64 string (standard base64 alphabet includes '+', '/', '=')
 if (imageInput) {
 const trimmed = imageInput.trim();
+ // Node's Buffer.from is permissive and silently ignores out-of-alphabet chars,
+ // which would decode malformed strings into arbitrary bytes. Reject early.
 if (trimmed.length === 0 || !/^[A-Za-z0-9+/]+=*$/.test(trimmed)) {
 throw new Error(
 `Invalid base64: image input contains characters outside the standard base64 alphabet. ` +
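Review bot: In the first hunk (@@ -397), the added comment says "exactly one input source must be provided", but the visible context only builds `inputSources` from truthiness checks, and the commit description mentions throwing only when more than one source is given. The filter and throw are outside the hunk, so I cannot confirm that zero sources is rejected; if it is not, the comment should read `// Enforce mutual exclusivity: at most one of url, file_path, image may be set.` Because `url ? "url" : null` treats an empty string as absent, a call with `url: ""` plus `image` passes the check, which is worth stating in the comment if intended.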
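Review bot: In the second hunk (@@ -450), the regex under the new comment checks only the alphabet, so "Reject early" promises more than the test delivers: a string whose unpadded length is 1 mod 4, or one with more than two `=`, still matches and reaches `Buffer.from`. Either narrow the comment to `// Only the alphabet is checked here; length and padding are not validated.` or add a shape check on `trimmed.replace(/=+$/, "").length % 4 === 1`. The signature comment in the first hunk says `imageInput` may also be a local path, and a relative path made of letters, digits and `/` matches this regex too. Since both the path branch and the rest of the `if (imageInput)` block are outside the hunk, please confirm that path detection runs before this test and that any path taken from tool input is confined to an allowed directory before it is read and uploaded.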